Posted by: David Harley | April 17, 2018

Android: shady security apps

Useful interview with ESET’s Lukáš Štefanko, following up on his article on near- or completely-useless Android apps. Makes some very good points.

Fake or not fake – that is the question

“ESET’s analysis of shady apps pretending to be security – or “antivirus” – apps that were discovered on Google Play left some questions unanswered. Lukáš Štefanko, who did the research, speaks about its wider consequences.”

David Harley

Advertisements
Posted by: David Harley | April 17, 2018

Miscellaneous Android issues…

Security Research Labs: Mind the Gap – Uncovering the Android patch gap through binary-only patch analysis (HITB conference, April 13, 2018)

Commentary by Help Net: Your Android phone says it’s fully patched, but is it really?

E Hacking News: New malware strikes panic among B’luru bank customers – “The bankers in Bengaluru claimed to have discovered a new malware that helps the hackers siphon off money from a number of bank accounts … The policemen probing the cyber crime initially talk of MazarBot, a malware, used to sent some SMS to the bank account holders’ smart phones which provides the hackers with the banking details of the accountholders.

Kaspersky: GOOGLE PLAY BOOTS THREE MALICIOUS APPS FROM MARKETPLACE TIED TO APTs

David Harley

Posted by: David Harley | April 16, 2018

Free Android apps with poor password security

The Register: Android apps prove a goldmine for dodgy password practices

“And password crackers are getting a lot smarter…An analysis of free Android apps has shown that developers are leaving their crypto keys embedded in applications, in some cases because the software developer kits install them by default.”

Summarizes research described by Will Dormann, CERT/CC software vulnerability analyst, at BSides.

David Harley

Posted by: David Harley | April 16, 2018

Firefox for iOS: tracking protection by default

Mozilla: Latest Firefox for iOS Now Available with Tracking Protection by Default plus iPad Features.

Commentary from Sophos: Tracking protection in Firefox for iOS now on by default – why this matters

David Harley

Posted by: David Harley | April 14, 2018

Android insecurity & spyware targeting Uyghur population.

The Register: Exposed: Lazy Android mobe makers couldn’t care less about security  “Never. Is never a good time to get vulnerability fixes? Never is OK with you? Cool, never it is”

Graham Cluley for Bitdefender: China forces spyware onto Muslim’s Android phones, complete with security holes. Links to Adam Lynn’s report for the Open Technology Fund: App Targeting Uyghur Population Censors Content, Lacks Basic Security

Posted by: David Harley | April 7, 2018

Android, iOS, macOS security issues

David Harley

Posted by: David Harley | April 5, 2018

VirusTotal’s Android Sandbox

VirusTotal has announced a seriously improved version of its Android sandbox: Meet VirusTotal Droidy, our new Android sandbox.

All in all, it looks like a significant enhancement to the company’s malware behaviour analysis capabilities. There is, after all, lots of Android malware to put under the microscope.

Even if the name is a bit Droidy McDroidface. 🙂

David Harley

Posted by: David Harley | April 3, 2018

Android action updates

David Harley

Posted by: David Harley | April 1, 2018

Virus Bulletin paper on ‘app collusion’

Sometimes Virus Bulletin publishes papers outside its normal yearly conference cycle, and they’re always worth reading: New paper: Distinguishing between malicious app collusion and benign app collaboration: a machine-learning approach.

It’s a follow up to this conference paper: VB2016 paper: Wild Android collusions. (Which I missed at the time – I don’t often get to conferences nowadays, though I did present at VB2017 – so I’m glad of the opportunity to catch up with it.)

David Harley

Posted by: David Harley | March 31, 2018

Android & iOS news

David Harley

Older Posts »

Categories